OpenSSL hangs during PKCS12 export with "Loading 'screen' into random state"

Windows, SSL, OpenSSL, Git Bash

Windows Problem Overview


I am generating a self-signed SSL certificate with OpenSSL (not makecert), for use in IIS.

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '//CN=myhost'

(The double slash is correct. The command above does not work without that.)

openssl pkcs12 -export -out key.pfx -inkey key.pem -in cert.pem -name 'myhost'

The first command completes successfully. However, the second gets stuck with

> Loading 'screen' into random state -

I am using OpenSSL (1.0.2d) that comes with Git for Windows (2.6.3). Has anyone experienced the same issue?

Clarification: Question https://stackoverflow.com/questions/12507277/how-to-fix-unable-to-write-random-state-in-openssl describes a different problem: writing the .rnd file. Here the problem seems to be generating the random state. (And only in the second command.)

Windows Solutions


Solution 1 - Windows

Please try to add winpty before openssl:

winpty openssl ...

or you can run a new bash wrapped by winpty:

winpty bash

In the Windows console, there is some problem with terminal input/output, so winpty can help if some software requires Unix terminal behavior.

winpty helped me to run openssl in this environment:

git version 2.7.3.windows.1
OpenSSL 1.0.2g  1 Mar 2016

Solution 2 - Windows

I found that I needed to specify the PFX password on the command line using -passout pass:SomePassword - e.g.:

openssl pkcs12 -export -out foo_example_com.pfx -inkey foo_example_com.key -in foo_example_com.crt -passout pass:Pa55w0rd
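The non-interactive export from Solution 2, as an added example that is not code from the original answers: the password is passed with `-passout env:` so no prompt is issued and the password stays out of the command line and shell history, and the result is checked by reopening the PFX. The function names and the `PFX_PASS` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original answers. Names are hypothetical.

# Git Bash (MSYS) rewrites a leading '/' in arguments, hence the question's
# '//CN=' form; other platforms need the plain '/CN=' form.
subj_for() {
  case "$(uname -s)" in
    MINGW*|MSYS*) printf '//CN=%s' "$1" ;;
    *)            printf '/CN=%s' "$1" ;;
  esac
}

# make_selfsigned HOST: write key.pem and cert.pem in the current directory.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout key.pem -out cert.pem -subj "$(subj_for "$1")" 2>/dev/null
}

# export_pfx NAME: bundle key.pem + cert.pem into key.pfx.
# -passout env:PFX_PASS supplies the password without a prompt and keeps it
# out of the command line.
export_pfx() {
  openssl pkcs12 -export -out key.pfx -inkey key.pem -in cert.pem \
    -name "$1" -passout env:PFX_PASS
}

# verify_pfx: succeed only if PFX_PASS opens key.pfx (MAC check, no output).
verify_pfx() {
  openssl pkcs12 -in key.pfx -passin env:PFX_PASS -noout 2>/dev/null
}

# pfx_roundtrip HOST: full flow in a throwaway directory with a random password.
pfx_roundtrip() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'cd / && rm -rf "$dir"' EXIT
  PFX_PASS=$(openssl rand -base64 24) && export PFX_PASS
  make_selfsigned "$1" && export_pfx "$1" && verify_pfx || exit 1
  # A wrong password must be rejected, otherwise the check proves nothing.
  PFX_PASS='wrong-password'
  ! verify_pfx
)

pfx_roundtrip myhost && echo "PFX export verified"
```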

Solution 3 - Windows

Recently I hit the same when running openssl in an Azure Ubuntu VM over SSH from a Windows 10 laptop. I also tried OpenSSL for Windows from the Windows command prompt and PowerShell. The root cause behind this seems to be terminal compatibility of openssl when used from the Windows command prompt.

I found that a WSL (Windows Subsystem for Linux) based shell seems to work well, and the command goes through a proper prompt instead of appearing to hang. The steps are:

  1. Install Ubuntu on Windows.
  2. Launch the Windows command prompt. Use the wsl command to launch a bash shell.
  3. The openssl tool is already available in this shell. It should give the password and verify password prompts.

[Image: openssl pkcs12 command]

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
|---|---|---|
| Question | TN. | View Question on Stackoverflow |
| Solution 1 - Windows | Slawomir Jaranowski | View Answer on Stackoverflow |
| Solution 2 - Windows | Duncan Smart | View Answer on Stackoverflow |
| Solution 3 - Windows | Sushil | View Answer on Stackoverflow |